> I have been reading this thread and noticed no one has suggested the MAC
> address filtering capabilities in Linux 2.4's new ip tables subsystem. I
> hear there are serious problems with using 2.4.x series kernels as a
> firewall, though; what are they?

I believe the 2.4.x iptable issues were resolved in 2.4.4. The problem was that allowing FTP connections through the firewall enabled a resourceful person to also create unauthorized non-FTP TCP connections which, obviously, defeats the purpose of a firewall.

I haven't had a chance to play with iptables yet but your suggestion for using the MAC address sounds reasonable.

Pete